Export limit exceeded: 359337 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359337 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3833 | 2 Gnu, Redhat | 8 Gnutls, Enterprise Linux, Enterprise Linux Eus and 5 more | 2026-06-16 | 6.5 Medium |
| A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure. | ||||
| CVE-2026-3539 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-16 | 8.8 High |
| Determined a bug and not a vulnerability | ||||
| CVE-2026-2340 | 2 Redhat, Samba | 5 Enterprise Linux, Openshift, Openshift Container Platform and 2 more | 2026-06-16 | 6.5 Medium |
| A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share could overwrite a protected file by renaming a newly created file over the existing WORM-protected file. | ||||
| CVE-2026-42010 | 2 Gnu, Redhat | 8 Gnutls, Enterprise Linux, Enterprise Linux Eus and 5 more | 2026-06-16 | 7.1 High |
| A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process. | ||||
| CVE-2026-42009 | 2 Gnu, Redhat | 18 Gnutls, Enterprise Linux, Enterprise Linux Eus and 15 more | 2026-06-16 | 7.5 High |
| A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service. | ||||
| CVE-2026-33846 | 2 Gnu, Redhat | 8 Gnutls, Enterprise Linux, Enterprise Linux Eus and 5 more | 2026-06-16 | 7.5 High |
| A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption. | ||||
| CVE-2026-33845 | 2 Gnu, Redhat | 8 Gnutls, Enterprise Linux, Enterprise Linux Eus and 5 more | 2026-06-16 | 7.5 High |
| A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service. | ||||
| CVE-2026-12013 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-06-16 | 8.8 High |
| Determined not a vulnerability | ||||
| CVE-2026-8568 | 1 Google | 1 Chrome | 2026-06-16 | 3.1 Low |
| Determined not a vulnerability | ||||
| CVE-2026-7936 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-16 | 4.3 Medium |
| Determined not a vulnerability | ||||
| CVE-2026-1933 | 2 Redhat, Samba | 5 Enterprise Linux, Openshift, Openshift Container Platform and 2 more | 2026-06-16 | 7.1 High |
| A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types. | ||||
| CVE-2025-69112 | 2026-06-16 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Planty <= 1.14.0 versions. | ||||
| CVE-2025-69108 | 2026-06-16 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in Hot Coffee <= 1.7 versions. | ||||
| CVE-2025-69107 | 2026-06-16 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Rosaleen <= 2.8 versions. | ||||
| CVE-2025-69105 | 2026-06-16 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Modernee <= 1.6.0 versions. | ||||
| CVE-2025-69103 | 2026-06-16 | 7.5 High | ||
| Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0 versions. | ||||
| CVE-2025-58924 | 2026-06-16 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Geya <= 1.15 versions. | ||||
| CVE-2026-10635 | 1 Zephyrproject | 1 Zephyr | 2026-06-16 | 6.3 Medium |
| On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the page-table code (arch/xtensa/core/ptables.c) maintains a global list, xtensa_domain_list, of active memory domains using a list node embedded inside the caller-owned struct k_mem_domain. When a domain is destroyed via k_mem_domain_deinit() - arch_mem_domain_deinit(), the page tables are torn down and domain-arch.ptables is set to NULL, but the domain's node was not removed from xtensa_domain_list. The freed/deinitialized domain therefore remained linked into the global list as a dangling pointer into caller-owned storage that may then be freed or reused. Any subsequent arch_mem_map()/arch_mem_unmap() operation (widely invoked by kernel memory-mapping and demand-paging code) traverses the stale node and dereferences domain-ptables: at minimum a NULL pointer dereference causing a fatal MMU exception (denial of service), and if the k_mem_domain storage has been freed or reused, a use-after-free in which a stale/controlled ptables value is dereferenced and written through during the page-table walk (l2_page_table_map writes l1_table[...] and l2_table[...], and xtensa_mmu_compute_domain_regs writes into the domain struct and the L1 table), yielding page-table memory corruption that can undermine userspace isolation. The vulnerable path is reachable only from privileged kernel/supervisor code (k_mem_domain_deinit is not a syscall), not directly from unprivileged user threads or remotely. Affected: Zephyr v4.4.0 (the Xtensa memory-domain de-initialization feature was introduced in commit 3032b58f52d and first shipped in v4.4.0); fixed on main by adding sys_slist_find_and_remove() in arch_mem_domain_deinit(). The Xtensa MPU path is unaffected. | ||||
| CVE-2026-0142 | 1 Google | 1 Android | 2026-06-16 | 3.3 Low |
| In iavb_parse_key_data of avb_rsa.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-11414 | 1 Altium | 2 Enterprise Server, On-prem Enterprise Server | 2026-06-16 | 9.8 Critical |
| A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the Vault storage area without any authentication, session, or credentials. A separate path traversal vulnerability in the same download endpoint allows the configured storage root to be escaped, enabling reads of arbitrary files on the server filesystem. Combined, these issues allow an unauthenticated attacker to obtain sensitive server configuration and key material, which can lead to full server compromise. The vulnerability can be chained with CVE-2026-9152 to enumerate and bulk-download stored content. Altium 365 cloud deployments are not impacted in practice, as file storage uses object storage rather than the local filesystem. | ||||